Process GDPR Request

Endpoint	Method
`/api/admin/customers/gdpr-requests/{id}/process`	POST

Destructive action

For type=delete requests this cascades the customer deletion (fires customer.delete.before/after so the GDPR module's listeners run). For type=update requests it only marks the request approved — admin then applies the requested edits through the regular Customer update endpoint.

Idempotency by rejection

Already-approved or revoked requests are refused with 422.

Permission: customers.gdpr_requests.edit.

Locales

Queries

Category

Queries

Theme Customisations

CMS Pages

Queries

Product

Queries

Product Review

Queries

Mutations

Attribute

Queries

Channel

Queries

Currency

Queries

Country

Customer

Queries

Mutations

Cart

Queries

Mutations

Checkout

Queries

Mutations

Wishlist

Queries

Mutations

Compare

Queries

Mutations

Contact Us

Mutations

Admin Profile

Catalog

Products

Categories

Attributes

Attribute Families

CMS

Queries

Mutations

Sales

Orders

Carts

Invoices (Datagrid)

Shipments (Datagrid)

Refunds (Datagrid)

Transactions

Bookings

Customers

Addresses

Notes

Impersonate

Customer Groups

Reviews

GDPR Requests

Create-Order Helpers

Settings

Locales

Currencies

Exchange Rates

Inventory Sources

Channels

Admin Users

Roles

Themes

Tax Categories

Tax Rates

Data Transfer Imports

Dashboard

Reporting

Marketing

Promotions

Communications

Search SEO

Configuration

Process GDPR Request